IDS mailing list archives

RE: Session Hijacking


From: Omar Herrera <oherrera () prodigy net mx>
Date: Mon, 07 Mar 2005 19:04:10 -0600



-----Original Message-----
From: Dragos Ruiu [mailto:dr () kyx net]
Question, I am learning about session hijacking, and I was wondering
if an IPS has the capabilities to detect and prevent this type of
attack? If so how exactly would the IPS prevent a session hijacking?

It's pretty much impossible to prevent full-knowledge session hijacking
when the hijacker is on a local network with who he is hijacking.  You
pretty much have to be their switch.

It's an administrative hassle... but locking down MAC addresses to switch
physical ports _is_ a good idea... and raises the bar on hijacking.


And with some money, resources and a lot of patience, 802.1x might raise it
even further. This way, you effectively lock down port access without having
to manually lock them down on your switches.

2 more cents...

Omar Herrera 

